“DNA McSpray to foil thieves – McDonalds to use new anti-theft spray,” The Sunday Telegraph, Jan. 8, 2012. The spray, developed and used in the UK, contains an “invisible, synthetic DNA solution” particular to each location using it. “It stays on clothing for up to six months and on skin for up to two weeks” and police can detect it using a UVA light.

“TomTom cleared of data violation allegations,” Jamie Yap, ZDNet Asia, Jan. 13, 2012. “The company issued a statement on Thursday saying that it had been cooperating with the Dutch Data Protection Authority (CBP) in recent months to ensure it is fully compliant with privacy laws, and has since been found that sharing of data with third parties did not constitute a violation of Dutch privacy laws.”

Discussed by the European Parliament’s Privacy Platform earlier this month, the Patriot Act is being investigated by European authorities, after Gordon Frazer, managing director of Microsoft UK, exclusively told ZDNet that the Redmond-based company must comply with Patriot Act requests, and other companies with a U.S. presence must do also.

This contravenes European law, which states that organisations cannot pass on user data to a third-party outside the European zone without the users’ permission.

In a written answer to a parliamentary question, Dutch minister Ivo Opstelten asserted that, in response to previous questions (Dutch): “This basically means that companies from the United States in such bids and contracts are excluded.”

The proposals would bolster significantly the EU’s powers on combating data protection breaches, such as when companies sell customer data to third parties without authorisation or fail to adequately protect information held by social networks and “cloud computing” services.

Companies would have 24 hours to notify data protection authorities and the effected parties in cases where private data are compromised, as happened this year when the details of 77m Sony PlayStation accounts were hacked.

By ensuring the rules also apply to foreign groups’ European subsidiaries, the new rules will force global companies to strengthen their data policies.

The article mentions, but not does not discuss in further detail, that measures covering the “right to be forgotten” are included in these proposals, which are expected to take two years to be finalized and then be approved by member states, whom, the article notes, may not be eager to cede jurisdiction on privacy matters to the EU.